Article: PS3 3.60 Keys Leaked

[Elissa]

Oh hold on, the script you posted which does the entire package right? You know the part where another window pops up and says it is decrypting the eboot? Straight after the eboot it says it is decrypting the self file

Edit.. Yeah doesn't work I guess it doesn't actually encrypt the self file even though it says it does. Also I tried the new script you posted and it now gives the error about the header. It is a shame I am trying the update for the game "Rage".

[oakhead69]

Updated the Re-encrypt script, it now handles spaces in the path and I have improver the final package naming.
Original package name is now not changed and the created package is the same a the original with a '-3.4' on the end.

[oakhead69]

Turns out the decrypting of self and sprx files (or failure there of) is not a bug or lack of feature in scetool. It can already do it.

The self is encrypted with a klicense key, which when the eboot.bin loads the self it decrypts it. So the klicense key is in the eboot.bin. So once the eboot.bin is decrypted to the eboot.elf we can brute force search for the klicense key.

We then give this to scetool like this: (example is BCES00938 SOCOM: Special Forces)

scetool -l 08727df80102030431c855b900000101 -d s4_g.self s4_g.elf

It will then decrypt it.

Other example I brute forced is
Portal 2 19089cbaf948487f9530832bf477b369

This is as far as I have got so far, we then need to re-encrypt it and put it back in the package file. Just like we do with the EBOOT.BIN.

Just thought I would share where I am up to.

@Elissa I am trying to brute force Rage as we speak to get the klicense.

EDIT:

@Elissa

offset 0x1978b20 into boot.elf for Rage (BLES01377)

you find the klicense key:
58a4badb96035258c54dde01f210cbdd

So to decrypt patch.elf in Rage use

scetool -l 58a4badb96035258c54dde01f210cbdd -d patch.self patch.elf

Good luck.

EDIT2:

Also remember when you re-encrypt the elf to self/sprx you need to include the -l 58a4badb96035258c54dde01f210cbdd.

[aienma]

does this mean i can patch a 3.60 game on my own?

[makail100]

god bless us, with CFW?

[Matsumot0]

oakhead69 Thank you so much for this such information, i make a pkg for the lasted patch of Black Ops 1.13 for 3.55

but i have a problem, multiplayer side doesn't work... i have a blackscreen and i don't know why!...
Solo and Zombie seems to work without bugs. I've tested uncompressed selfs too... doesn't working :x
I don't know what to do else.

Klicense BLES01031 Blackops Patch 1.13: AF0A8F0A8909F09234091AFADF909AF0
i can send the pkg in PM if you want inspect my work, i can't post link i'm new member...

Tested on cfw 3.55 TB v2
Thanks in advance

PS: Sorry for my bad english

[YoYoBalls]

Other example I brute forced is
Portal 2 19089cbaf948487f9530832bf477b369

This is as far as I have got so far, we then need to re-encrypt it and put it back in the package file. Just like we do with the EBOOT.BIN.

Could this then be my problem I at having in this thread with portal 2??? - http://psx-scene.com/forums/f187/portal-2-a-105281/ (Portal 2)

The fixed has several sprx files that need replaced as well as the EBOOT. (this was odd to me at first but I read some games do need sprx files pacthed/replaced)

The game locks up at that point because the sprx's that are being loaded at that time are not properly decrypted?

[BahumatLord]

@YoYouBalls - yes that's exactly it

@oakhead69 - Would you mind sharing the script you're using to brute-force the klicense? I get what you're saying but I don't want to get into doing a base-16 number generator if you've already got a working method

[YoYoBalls]

@BahumatLord

Ok cool thanks for the speedy reply - glad I figured it out.

[BahumatLord]

I'm about to check out the PSFR33 patch that was talked about on that thread. Give me a minute and I'll let you know if it works

Edit: I tried it with my TB patched copy and I get a spinning yellow warning sign. I'm going to try to redump the game clean and try again. I've never seen that warning logo. It's not a Sony one, so they might be junk patches